Category Archives: Cisco Firepower Next-Generation Firewall (NGFW)

3 things you need to know about Cisco Threat Response at CLUS

Overwhelmed by the sheer volume of security alerts and potential threats hitting your SOC? Security risks have never been greater, with networks expanding into the cloud, the explosion of mobile and IoT devices, and increasingly sophisticated threats. On top of that, disparate security tools make it tougher to find and remediate threats, especially when you’re under attack and time matters most.

So how can you stay ahead of threats? Enter Cisco Threat Response, a tool that was created to help SOC analysts simplify and speed threat detection, investigation, and remediation from a single interface.

This week at Cisco Live, we’re excited to share continued innovations from Threat Response designed to make your life even easier.

1. Introducing our integration with Cisco Firepower NGFW

You may know that Threat Response is already integrated across multiple Cisco Security products – AMP for Endpoints, Threat Grid, Umbrella, and Email Security. In the coming weeks, you will be able to analyze and triage high priority IPS alerts in Threat Response and enrich these IPS events alongside data from other integrated products. This means streamlined threat investigations with a fuller picture of the impact across your network, all from a single console.

Join us at Cisco Live to get a preview of this exciting integration. You can see a live NGFW demo at the Cisco Security booth in the World of Solutions. In the meantime, check out this new episode of ThreatWise TV that showcases how Firepower events are integrated into Threat Response.

2. Learn how to enhance your existing SIEM and SOAR tools with open APIs

Threat Response isn’t trying to replace the SIEM or SOAR you’ve already got; rather you can leverage our open APIs for 3rd-party integrations to complement your existing security stack. Script up your own integrations to automate data enrichment and response actions across multiple security products, all in a single interface for a seamless workflow.

At Cisco Live, get your learn on and get hands-on in the DevNet Zone:

  • DEVNET-2505 – Automate your threat hunting workflow with Cisco Threat Response APIs – Presented by Christopher Van Der Made.
  • DEVWKS-2639 – Security Research and Response Workflows with APIs – Workshop with Neil Patel.

3. Use our browser plug-ins to access threat intel and kick off investigations now

Still haven’t leveraged our APIs or you’re using non-Cisco security products? Don’t worry, you can still use Cisco Threat Response thanks to our browser plug-ins for Chrome and Firefox. In seconds, you’ll be able to pull threat intelligence to get verdicts on observables and start investigations.

You can see the Threat Response browser plug-in in action in demos and breakout sessions at Cisco Live. We’ll show you how you can pull threat data from sources like Talos and take actions without native integrations.

  • Demos across the Cisco Security booth in World of Solutions, such as Stealthwatch Cloud.
  • BRKSEC-2433 – Threat hunting and incident response with Cisco Threat Response – Breakout session with Ben Greenbaum.

Additionally, you can check out Threat Response elsewhere on the ground in San Diego:

More integrated demos at the Cisco Security booth in World of Solutions

  • AMP for Endpoints
  • Email Security
  • Umbrella theater sessions: Umbrella Investigate, Umbrella and AMP for Endpoints

Hands-on Labs

  • LABSEC-1012 – Threat intelligence, security investigation, incident response with Cisco Threat Response – Sunil Kumar and Vivek Singh
  • LTRSEC-2200 – You Got Hacked! Here is What to Do (AMP4E, TG, Splunk, CTR, CTA) – Karel Simek, Michal Svoboda, Ben Greenbaum


  • CCP-1302 – Roadmap: Endpoint Security – Cisco Customer Connection Program session with Snehal Patel (CCP membership required – it’s free to join, sign up here)

Come see why there’s so much buzz around Threat Response at Cisco Live this week. Holler at me on Twitter @jolenetam if you’ll be around! Until then, learn more at


The post 3 things you need to know about Cisco Threat Response at CLUS appeared first on Cisco Blog.

A Bridge to the Future of the Firewall

Cisco Defense Orchestrator adds support for new platforms, cloud logging and advanced analytics

Organizations today are faced with securing their business everywhere across their hybrid networks – from the campus network, to remote sites, to public clouds and remote employees. This explosion of perimeters means that network security functions need to be present on physical appliances, in the cloud, in the branches and delivered from the cloud.

The result is operational complexity, compounded by the fact that most organizations are still using inefficient, manual processes to manage their network security solutions.

Over time, rulesets can become bloated and inconsistent, leaving organizations increasingly at risk. A recent survey of IT and infosec professionals by Enterprise Strategy Group found that 94% were concerned that this increased network complexity makes them more vulnerable. And 88% want to make network security policy changes more agile.

How do we ensure that our security controls are enforced consistently everywhere?

A new approach is needed that can scale with your growing network while also helping you seamlessly manage policies across your environment – powered by intelligence and insights.

Over the last few years, hundreds of Cisco ASA customers have adopted Cisco Defense Orchestrator to simplify and unify policy and device management. Today, we’re announcing new platform support and cloud-based logging with advanced analytics.

Cisco Defense Orchestrator support for Firepower Threat Defense (FTD) and Meraki MX

Now organizations can seamlessly harmonize security policies across tens to thousands of devices – including ASA, and in the very near future, FTD and Meraki MX. For example, a mid-sized enterprise may have FTD devices in their corporate office, ASAs in their data center, and Meraki MX devices in remote and home offices. Rather than maintain three separate sets of policies, the customer can use Cisco Defense Orchestrator to streamline and unify common access policies.

Besides realizing significant time savings, Cisco Defense Orchestrator provides the organization with visibility and confidence into the policies that govern these disparate devices from one central manager.

Introducing Cisco Security Analytics and Logging

Available soon through Cisco Defense Orchestrator, the Security Analytics and Logging service helps you make better security policy management decisions by providing greater visibility and threat detection capabilities across your firewall and network. It allows you to correlate the static events on a firewall with behavioral analytics and private network monitoring enabled by Stealthwatch Cloud.

First, it aggregates and centralizes intelligence from NGFW logs and network logs securely in the cloud, accessible and searchable from Cisco Defense Orchestrator.

Then, it enriches and correlates threat intelligence in the context of specific events and alerts within an organization’s systems to baseline normal behavior. Lastly, it uses this intelligence to speed investigations and provide insights for corrective security policy actions. See our new At-a-glance for more information.

Cisco Defense Orchestrator: Your bridge to the future of network security

We want to bring customers on a journey to the future of firewalling by solving the biggest network security challenges they’re facing today.

“Managing the firewalls and VPN endpoints for our clients with Cisco Defense Orchestrator saves us a lot of time and streamlines upgrading those devices. Its ease of use gives us the instant visibility and management we need while helping us reduce configuration errors.”

– Stuart Nelson, Senior Network Engineer, DHI Computing Service

Attend my Innovation Talk “What is the Future of the Firewall?” online or live at Cisco Live US on Wednesday, June 12th to hear more of our vision for the future of the firewall.

See how Cisco Defense Orchestrator can help your organization simplify and unify security management and sign up for a free trial today.

The post A Bridge to the Future of the Firewall appeared first on Cisco Blog.